Duke University recently hosted a panel discussion on national security and protecting privacy, with considerable emphases on the latter. In considering how privacy is to be protected it became clear that the panel members held widely different views on the definition of privacy as well as on probable or possible privacy limitations. Further viewpoint separation became apparent during the discussion of data transfer as such transfer may or may not relate to privacy. A.J. Ringl provides his assessment of the panel's attempt to grapple with this subject. – JMH
Just in time to honor Data Privacy Day, 2009, Intel Corporation and the Triangle Center on Terrorism and Homeland Security sponsored an excellent presentation at Duke University on January 27 consisting of seven speakers from European Union (EU) offices and U.S. government agencies. Although the focal point and purpose of the panel discussion was data privacy, ancillary concerns of personal privacy and necessary state security interests were also vigorously examined. From the outset, panelists clarified that the objective of discussion was not an effort to balance privacy and security, but an attempt to find a solution that would both retain the privacy interests of individuals as well as the ability of law enforcement and security agencies to fulfill their tasks. The panel discussion was sectioned into three parts as follows.
Overview. The referenced document providing cornerstone guidelines for privacy is the Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 23 September 1980 (see www.oecd.org/document/18/ 0,3343,en_2649_34255_1815186_1_1_1_1,00.html). This document, in general, addresses the rights and obligations of both individuals and data handlers. All of the panelists referenced this document and its linkage to the U.S. Privacy Act of 1974. They communicated the notion that complementary aspects of the privacy-security continuum have been addressed by existing documents, yet advances in technology necessitate continuous review and modifications to current thinking.
How privacy is protected. Here the panelists became more fuzzy in their articulation of the privacy-security continuum, but remained predictably within the intellectual framework of their respective agencies. That is, EU representatives had a European perspective; departments of Justice, State, and DHS demonstrated the governmental bureaucratic view; and the organization representing Fourth Amendment interests presented its own weighted outlook. The lessons learned, if any, in this section of the panel’s discussion were that privacy is, indeed, contextual; that there is a future for information privacy; and that law enforcement and security agencies focus on different aspects or issues regarding security.
Problems of data transfer. In this section of the panel discussion, panelists addressed the many and varying aspects of privacy, its definitions, understandings, and applications. Apparently, privacy has many variant definitions, each according to individual purpose and meaning. This diversity is true of agencies and organizations also, as each entity’s perspective is defined by organizational values and functions. The problems of data transfer apparently lie in the definitions of privacy; or, perhaps the problems of privacy lie in the definitions of data transfer. A lack of education on the meanings, definitions, and workings of data transfer, security, and privacy was an agreed upon dynamic by all the participants. They acknowledged that privacy is a dimensionalized concept; that is, privacy has relevancy in many and varied human histories and practices. Additionally, identified problems of data transfer are often consequences of poor relations between the United States and its allies, and the resolution of such problems is currently being sought via High Level Contact Groups. The privacy-security dilemma remains unclear.
Congratulations are in order for all of the organizations and participants involved in making this panel discussion possible; it was indeed refreshing to note the level of interest, professionalism, and expertise resident in both panelists and audience alike. Since privacy and security both were identified as very diverse and multifaceted concepts, the overly represented legal perspective was perhaps a bit intellectually limiting.
Future discussions along the privacy-security continuum in regards to multivariate privacy and security understandings and practices should certainly include regional, cultural, social, generational, and global analyses. In fact, the notion that privacy and security are their own domains of knowledge was not once acknowledged – to take a knowledge management (an emergent discipline of human systems management) approach to privacy and security might actually clarify some fuzziness. Another missing component not addressed by any panelist is the concept of privacy and security as a discipline of both knowledge and practice. Perhaps it is lack of discipline that contributes to the lack of privacy and security.